CVEs from 2023
Total
8,601
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
2.6%
% with KEV
1.9%
% with exploit
1.9%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-1728 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03. | |
| CVE-2023-1765 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2. | |
| CVE-2023-1725 | critical | 9.8 | 9.8 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125. | |
| CVE-2023-28531 | critical | 9.8 | 9.8 | 3y ago | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | |
| CVE-2023-33150 | critical | 9.6 | 9.6 | 3y ago | Microsoft Office Security Feature Bypass Vulnerability | |
| CVE-2023-43641 | critical | — | 9.5 | — | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited… | |
| CVE-2023-5388 | critical | — | 9.5 | 2y ago | Critical: firefox security update | |
| CVE-2023-46846 | critical | — | 9.5 | 3y ago | Critical: squid security update | |
| CVE-2023-46847 | critical | — | 9.5 | 3y ago | Critical: squid security update | |
| CVE-2023-46848 | critical | — | 9.5 | 3y ago | Critical: squid security update | |
| CVE-2023-45853 | critical | — | 9.5 | 3y ago | pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency | |
| CVE-2023-3128 | critical | — | 9.5 | 3y ago | Critical: grafana security update | |
| CVE-2023-29402 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-29405 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-29404 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-29403 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-28787 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.… | |
| CVE-2023-24215 | critical | 9.1 | 9.1 | 9d ago | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. | |
| CVE-2023-47842 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | |
| CVE-2023-29386 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | |
| CVE-2023-49166 | critical | 9.1 | 9.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync.This issue affects MSync: from n/a through 1.0.0. | |
| CVE-2023-49161 | critical | 9.1 | 9.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate.This issue affects Bravo Translate: from n/a through 1.2. |